@arnaudrigole wrote:
Hi everyone,
I’m trying to use haproxy instead of apache2 to setup a reverse proxy in my company.
I followed/compared some documentations to make my own haproxy.cfgHaproxy is running on its own server, and has to redirect https requests on another web server. As you’ll see in the below configuration (i think) i redirect any http request on https.
The problem is that i get the “BAD REQUEST” error when trying to access my test website. The certificates seems to work because i can see it in my web browser, and i got no error about it in the log, however, in that /var/log/haproxy.log, i can only see that the request seems to be correctly redirected on the backend web server :
Jan 25 16:48:14 haproxyserver haproxy[5570]: 37.169.147.6:37646 [25/Jan/2019:16:48:14.100] localhost-443~ redirect-website1/webserver1:443 75/0/131 619 -- 1/1/0/0/0 0/0What i’m doing wrong ?
For information, that process worked correctly reverse proxy by apache, but i can’t use it anymore since i have to setup another redirection for another domain, and apache2 can’t handle more than 1 public certificate (or maybe i’m doing something wrong too, but i’m not here for that, anyway haproxy seems to be a more convenient and powerful tool
)
Find below the configuration file
Thanks in advance for your precious help!
ArnaudHere is the complete haproxy.cfg, (commented!)
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s maxconn 4096 user haproxy group haproxy daemon defaults log global mode tcp option tcplog option dontlognull timeout connect 15s timeout client 15s timeout server 15s errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend rvsproxyserver-80 bind *:80 mode tcp redirect scheme https code 301 if !{ ssl_fc } #redirect everything to https frontend rvsproxyserver-443 bind *:443 ssl crt /var/www/certs/haproxy #concatened .pem certs location for websites option tcplog mode tcp acl tls req.ssl_hello_type 1 tcp-request inspect-delay 5s tcp-request content accept if tls acl is_website1 hdr(host) website1 #simple acl1 acl is_website2 hdr(host) website2 #simple acl2 use_backend redirect-website1 if is_website1 #declare backend1 use_backend redirect-website2 if is_website2 #declare backend2 backend redirect-website1 mode tcp option ssl-hello-chk server webserver1 10.10.10.10:443 check #name and IP of my webserver1 backend redirect-website2 mode tcp option ssl-hello-chk server webserver2 10.11.11.11:443 check #name and IP of my webserver2
)Posts: 2
Participants: 2